/*     */ package com.zimbra.cs.mailbox.acl;
/*     */ 
/*     */ import com.zimbra.common.account.Key.AccountBy;
/*     */ import com.zimbra.common.service.ServiceException;
/*     */ import com.zimbra.common.soap.Element;
/*     */ import com.zimbra.common.soap.Element.XMLElement;
/*     */ import com.zimbra.common.soap.MailConstants;
/*     */ import com.zimbra.common.soap.SoapHttpTransport;
/*     */ import com.zimbra.common.util.Log;
/*     */ import com.zimbra.common.util.ZimbraLog;
/*     */ import com.zimbra.cs.account.AccessManager;
/*     */ import com.zimbra.cs.account.Account;
/*     */ import com.zimbra.cs.account.AccountServiceException;
/*     */ import com.zimbra.cs.account.AuthToken;
/*     */ import com.zimbra.cs.account.GuestAccount;
/*     */ import com.zimbra.cs.account.Provisioning;
/*     */ import com.zimbra.cs.account.Server;
/*     */ import com.zimbra.cs.httpclient.URLUtil;
/*     */ import com.zimbra.cs.mailbox.ACL;
/*     */ import com.zimbra.cs.mailbox.Folder;
/*     */ import com.zimbra.cs.mailbox.MailItem.Type;
/*     */ import com.zimbra.cs.mailbox.Mailbox;
/*     */ import com.zimbra.cs.mailbox.MailboxManager;
/*     */ import com.zimbra.cs.mailbox.OperationContext;
/*     */ import com.zimbra.cs.service.AuthProvider;
/*     */ import com.zimbra.cs.service.util.ItemId;
/*     */ import java.io.IOException;
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ public class FolderACL
/*     */ {
/*     */   OperationContext mOctxt;
/*     */   ShareTarget mShareTarget;
/*     */   Boolean mCanAccessOwnerAccount;
/*     */   
/*     */   private static class ShareTarget
/*     */   {
/*     */     private Account mOwnerAcct;
/*     */     int mFolderId;
/*     */     
/*     */     private ShareTarget(String ownerAcctId, int folderId)
/*     */       throws ServiceException
/*     */     {
/*  74 */       this.mOwnerAcct = Provisioning.getInstance().get(Key.AccountBy.id, ownerAcctId);
/*  75 */       if (this.mOwnerAcct == null) {
/*  76 */         throw AccountServiceException.NO_SUCH_ACCOUNT(ownerAcctId);
/*     */       }
/*  78 */       this.mFolderId = folderId;
/*     */     }
/*     */     
/*     */     private ShareTarget(Account ownerAcct, int folderId) throws ServiceException {
/*  82 */       this.mOwnerAcct = ownerAcct;
/*  83 */       this.mFolderId = folderId;
/*     */     }
/*     */     
/*     */     private Account getAccount() {
/*  87 */       return this.mOwnerAcct;
/*     */     }
/*     */     
/*     */     private String getAccountId() {
/*  91 */       return this.mOwnerAcct.getId();
/*     */     }
/*     */     
/*     */     int getFolderId() {
/*  95 */       return this.mFolderId;
/*     */     }
/*     */     
/*     */     boolean onLocalServer() throws ServiceException {
/*  99 */       return Provisioning.onLocalServer(this.mOwnerAcct);
/*     */     }
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   public FolderACL(OperationContext octxt, String ownerAcctId, int folderId)
/*     */     throws ServiceException
/*     */   {
/* 114 */     this.mOctxt = octxt;
/* 115 */     this.mShareTarget = new ShareTarget(ownerAcctId, folderId, null);
/* 116 */     this.mCanAccessOwnerAccount = null;
/*     */   }
/*     */   
/*     */   public FolderACL(OperationContext octxt, Account ownerAcct, int folderId, Boolean canAccessOwnerAccount) throws ServiceException {
/* 120 */     this.mOctxt = octxt;
/* 121 */     this.mShareTarget = new ShareTarget(ownerAcct, folderId, null);
/* 122 */     this.mCanAccessOwnerAccount = canAccessOwnerAccount;
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   public short getEffectivePermissions()
/*     */     throws ServiceException
/*     */   {
/* 134 */     short rightsNeeded = -1;
/* 135 */     return checkRights(rightsNeeded);
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   public boolean canAccess(short rightsNeeded)
/*     */     throws ServiceException
/*     */   {
/* 147 */     short hasRights = checkRights(rightsNeeded);
/* 148 */     return (hasRights & rightsNeeded) == rightsNeeded;
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   private short checkRights(short rightsNeeded)
/*     */     throws ServiceException
/*     */   {
/* 160 */     return checkRights(rightsNeeded, getAuthenticatedAccount(), isUsingAdminPrivileges());
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   private Account getAuthenticatedAccount()
/*     */     throws ServiceException
/*     */   {
/* 172 */     Account authuser = null;
/* 173 */     if (this.mOctxt != null) {
/* 174 */       authuser = this.mOctxt.getAuthenticatedUser();
/*     */     }
/*     */     
/*     */ 
/* 178 */     if ((authuser != null) && (authuser.getId().equals(this.mShareTarget.getAccountId())))
/* 179 */       authuser = null;
/* 180 */     return authuser;
/*     */   }
/*     */   
/*     */   private boolean canAccessOwnerAccount(Account authuser, boolean asAdmin) throws ServiceException {
/* 184 */     if (this.mCanAccessOwnerAccount == null) {
/* 185 */       boolean caa = AccessManager.getInstance().canAccessAccount(authuser, this.mShareTarget.getAccount(), asAdmin);
/* 186 */       this.mCanAccessOwnerAccount = Boolean.valueOf(caa);
/*     */     }
/* 188 */     return this.mCanAccessOwnerAccount.booleanValue();
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   private boolean isUsingAdminPrivileges()
/*     */   {
/* 198 */     return (this.mOctxt != null) && (this.mOctxt.isUsingAdminPrivileges());
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */   private short checkRights(short rightsNeeded, Account authuser, boolean asAdmin)
/*     */     throws ServiceException
/*     */   {
/* 207 */     if (rightsNeeded == 0) {
/* 208 */       return rightsNeeded;
/*     */     }
/*     */     
/*     */ 
/* 212 */     if ((authuser == null) || (authuser.getId().equals(this.mShareTarget.getAccountId()))) {
/* 213 */       return rightsNeeded;
/*     */     }
/*     */     
/* 216 */     if (canAccessOwnerAccount(authuser, asAdmin)) {
/* 217 */       return rightsNeeded;
/*     */     }
/* 219 */     Short granted = null;
/*     */     
/*     */ 
/* 222 */     ACL rights = getEffectiveACLFromCache();
/* 223 */     if (rights != null) {
/* 224 */       granted = rights.getGrantedRights(authuser);
/*     */     } else {
/* 226 */       granted = getEffectivePermissionsFromServer();
/*     */     }
/* 228 */     if (granted != null) {
/* 229 */       return (short)(granted.shortValue() & rightsNeeded);
/*     */     }
/* 231 */     return 0;
/*     */   }
/*     */   
/*     */ 
/*     */   private ACL getEffectiveACLFromCache()
/*     */     throws ServiceException
/*     */   {
/* 238 */     return EffectiveACLCache.get(this.mShareTarget.getAccountId(), this.mShareTarget.getFolderId());
/*     */   }
/*     */   
/*     */ 
/*     */   private Short getEffectivePermissionsFromServer()
/*     */     throws ServiceException
/*     */   {
/* 245 */     if (this.mShareTarget.onLocalServer()) {
/* 246 */       return getEffectivePermissionsLocal();
/*     */     }
/* 248 */     return getEffectivePermissionsRemote();
/*     */   }
/*     */   
/*     */   private Short getEffectivePermissionsLocal() throws ServiceException {
/* 252 */     Mailbox ownerMbx = MailboxManager.getInstance().getMailboxByAccountId(this.mShareTarget.getAccountId());
/* 253 */     Folder folder = ownerMbx.getFolderById(null, this.mShareTarget.getFolderId());
/* 254 */     return getEffectivePermissionsLocal(this.mOctxt, ownerMbx, folder);
/*     */   }
/*     */   
/*     */   public static Short getEffectivePermissionsLocal(OperationContext octxt, Mailbox ownerMbx, Folder folder)
/*     */     throws ServiceException
/*     */   {
/* 260 */     ACL acl = folder.getEffectiveACL();
/* 261 */     EffectiveACLCache.put(folder.getAccount().getId(), folder.getId(), acl);
/*     */     
/*     */ 
/* 264 */     return Short.valueOf(ownerMbx.getEffectivePermissions(octxt.getAuthenticatedUser(), octxt.isUsingAdminPrivileges(), folder.getId(), MailItem.Type.FOLDER));
/*     */   }
/*     */   
/*     */   private Short getEffectivePermissionsRemote()
/*     */     throws ServiceException
/*     */   {
/* 270 */     Element request = new Element.XMLElement(MailConstants.GET_EFFECTIVE_FOLDER_PERMS_REQUEST);
/*     */     
/* 272 */     ItemId iid = new ItemId(this.mShareTarget.getAccountId(), this.mShareTarget.getFolderId());
/* 273 */     request.addElement("folder").addAttribute("l", iid.toString((Account)null));
/*     */     
/* 275 */     Server server = Provisioning.getInstance().getServer(this.mShareTarget.getAccount());
/* 276 */     String url = URLUtil.getSoapURL(server, false);
/* 277 */     SoapHttpTransport transport = new SoapHttpTransport(url);
/*     */     
/* 279 */     AuthToken authToken = null;
/* 280 */     if (this.mOctxt != null)
/* 281 */       authToken = AuthToken.getCsrfUnsecuredAuthToken(this.mOctxt.getAuthToken());
/* 282 */     if (authToken == null)
/* 283 */       authToken = AuthProvider.getAuthToken(GuestAccount.ANONYMOUS_ACCT);
/* 284 */     transport.setAuthToken(authToken.toZAuthToken());
/* 285 */     transport.setTargetAcctId(this.mShareTarget.getAccountId());
/*     */     
/* 287 */     Short perms = null;
/*     */     try {
/* 289 */       Element response = transport.invoke(request);
/* 290 */       Element eFolder = response.getElement("folder");
/* 291 */       String permsStr = eFolder.getAttribute("perm");
/* 292 */       perms = Short.valueOf(ACL.stringToRights(permsStr));
/*     */     } catch (ServiceException e) {
/* 294 */       ZimbraLog.misc.warn("cannot get effective perms from server " + server.getName(), e);
/*     */     } catch (IOException e) {
/* 296 */       ZimbraLog.misc.warn("cannot get effective perms from server " + server.getName(), e);
/*     */     } finally {
/* 298 */       transport.shutdown();
/*     */     }
/*     */     
/* 301 */     return perms;
/*     */   }
/*     */ }


/* Location:              /home/mint/zimbrastore.jar!/com/zimbra/cs/mailbox/acl/FolderACL.class
 * Java compiler version: 7 (51.0)
 * JD-Core Version:       0.7.1
 */